Email Security Assessment Services | DMARC, SPF, DKIM, MTA-STS, DNSSEC & Microsoft 365 E-mail Security

Dynamic Content Image

Blog

30 Jun, 2026

By

Cobus Burgers

Cybercriminals no longer need to hack your mail server to impersonate your organisation.

Today's phishing attacks, Business Email Compromise (BEC), CEO fraud, invoice scams, and credential harvesting campaigns increasingly rely on one simple weakness: poorly configured e-mail authentication.

If your domain is missing critical technologies such as SPF, DKIM, DMARC, MTA-STS or DNSSEC, attackers can exploit these gaps to send fraudulent messages that appear to originate from your organisation, damaging your reputation and eroding customer trust.

At NETCB, we help organisations across Africa strengthen their e-mail infrastructure by implementing internationally recognised security standards that protect your domain, improve deliverability, and increase trust in every message you send.


Why E-mail Security Is More Important Than Ever

E-mail remains the world's most widely used business communication platform—and one of the most frequently targeted by cybercriminals.

Attackers exploit weaknesses in DNS and SMTP configurations to:

  • Spoof legitimate business domains

  • Launch phishing campaigns

  • Steal credentials

  • Commit invoice fraud

  • Deliver ransomware

  • Intercept sensitive communications

  • Damage an organisation's reputation

Modern e-mail security extends well beyond deploying spam filters or antivirus software. It requires a layered approach built on DNS-based authentication, secure transport protocols, cryptographic validation, and continuous monitoring.


NETCB's Research Highlights a Significant Opportunity Across Africa

As part of our ongoing research into e-mail security adoption across the continent, NETCB analysed a snapshot of 61 publicly accessible African domains to evaluate their implementation of modern e-mail authentication and transport security standards.

The results reveal that while many organisations have adopted some foundational technologies, the implementation of advanced protections remains very limited.

Technology Status Percentage
SPF correctly configured 83.6% 51 of 61
SPF invalid 14.8% 9 of 61
DKIM correctly configured 52.5% 32 of 61
No DKIM configured 41.0% 25 of 61
DMARC not configured 27.9% 17 of 61
DMARC monitoring only (p=none) 26.2% 16 of 61
DMARC quarantine policy 23.0% 14 of 61
DMARC reject policy 21.3% 13 of 61
MTA-STS deployed 4.9% 3 of 61
TLS Reporting (TLS-RPT) deployed 4.9% 3 of 61
DANE implemented 0% 0 of 61
BIMI implemented 1.6% 1 of 61

 

These findings indicate that many organisations remain vulnerable to domain spoofing, downgrade attacks, and missed opportunities to strengthen their brand reputation and e-mail deliverability.

While technologies such as SPF and DMARC are becoming more common, many deployments are incomplete or remain in monitoring mode rather than actively protecting domains. Advanced standards such as MTA-STS, TLS Reporting, DANE, BIMI, and DNSSEC are still rarely implemented.

This presents a significant opportunity for organisations seeking to improve both their cybersecurity posture and the trustworthiness of their digital communications.


NETCB's Comprehensive E-mail Security Assessment

Our E-mail Security Assessment provides a complete evaluation of your organisation's e-mail ecosystem.

We assess:

  • DNS configuration

  • Mail server configuration

  • Public DNS records

  • SMTP transport security

  • Certificate validation

  • Authentication mechanisms

  • Deliverability

  • Domain reputation

  • Compliance with current industry standards

Following the assessment, we provide a prioritised remediation roadmap tailored to your environment.


SPF Configuration (Sender Policy Framework)

SPF specifies which mail servers are authorised to send e-mail on behalf of your organisation.

Improperly configured SPF records are one of the most common causes of spoofing and mail delivery failures.

NETCB assists with:

  • SPF design

  • Record optimisation

  • DNS lookup reduction

  • Third-party sender validation

  • Microsoft 365 optimisation

  • Google Workspace optimisation

  • Hybrid mail environments

  • Ongoing validation


DKIM Deployment (DomainKeys Identified Mail)

DKIM digitally signs outgoing messages, allowing recipients to verify that messages have not been modified and genuinely originated from an authorised server.

NETCB provides:

  • DKIM key generation

  • DNS publication

  • Selector management

  • Automated key rotation

  • Signature validation

  • Multi-platform deployment

Supported platforms include:

  • Microsoft 365

  • Exchange Server

  • OpenText GroupWise

  • Google Workspace

  • Postfix

  • Exim

  • Sendmail

  • Zimbra


DMARC Implementation

DMARC is the cornerstone of modern e-mail authentication.

It enables domain owners to specify how receiving mail servers should handle messages that fail authentication.

NETCB follows a phased implementation methodology:

Phase 1 — Visibility

Deploy DMARC in monitoring mode (p=none) to identify all legitimate e-mail sources without affecting mail flow.

Phase 2 — Controlled Enforcement

Transition to p=quarantine while resolving any remaining authentication issues.

Phase 3 — Full Protection

Enforce p=reject to prevent unauthorised messages from being delivered under your domain.

This staged approach minimises business disruption while steadily improving protection against spoofing.


Microsoft 365 E-mail Security

Microsoft 365 provides powerful e-mail security capabilities, but they depend on correct configuration.

NETCB assists organisations by:

  • Configuring Exchange Online Protection (EOP)

  • Reviewing Microsoft Defender for Office 365 settings

  • Aligning SPF, DKIM, and DMARC

  • Securing hybrid Exchange environments

  • Enabling secure SMTP transport

  • Implementing MTA-STS and TLS Reporting

  • Improving sender reputation and inbox placement


Secure SMTP with TLS

Encrypting messages in transit is essential for protecting sensitive communications.

NETCB ensures your mail infrastructure supports:

  • TLS 1.2 and TLS 1.3

  • Strong cipher suites

  • Valid certificates

  • Secure STARTTLS negotiation

  • SMTP hardening

  • Certificate lifecycle management


MTA-STS (Mail Transfer Agent Strict Transport Security)

MTA-STS protects SMTP communications against downgrade attacks by instructing compliant mail servers to require encrypted transport.

NETCB implements:

  • MTA-STS policies

  • HTTPS policy hosting

  • DNS publication

  • Validation testing

  • Continuous monitoring


TLS Reporting (TLS-RPT)

TLS-RPT complements MTA-STS by providing detailed reports on SMTP encryption failures.

These reports identify:

  • Certificate issues

  • Encryption failures

  • SMTP interoperability problems

  • Downgrade attempts

  • Misconfigured remote mail servers

NETCB integrates these reports into operational dashboards, giving administrators visibility into issues that would otherwise go unnoticed.


DNSSEC

Since e-mail authentication relies heavily on DNS, protecting DNS integrity is fundamental.

DNSSEC cryptographically signs DNS records, helping prevent spoofing and cache poisoning attacks.

NETCB assists with:

  • Zone signing

  • Key management

  • Registrar integration

  • Validation testing

  • Ongoing maintenance

DNSSEC also enables additional technologies such as DANE.


DANE (TLSA)

DANE adds another layer of protection by using DNSSEC to validate SMTP certificates.

Although adoption remains limited, it provides strong protection against certificate-based attacks and man-in-the-middle interception.

Where supported by the organisation's infrastructure and the broader mail ecosystem, NETCB can design and implement DANE as part of a comprehensive e-mail security strategy.


BIMI (Brand Indicators for Message Identification)

BIMI allows organisations to display their verified corporate logo within supported e-mail clients.

Benefits include:

  • Increased customer confidence

  • Improved brand recognition

  • Higher open rates

  • Reduced phishing success

NETCB assists with:

  • BIMI implementation

  • SVG logo preparation

  • Verified Mark Certificate (VMC) guidance

  • DNS configuration

  • Validation testing


Improving E-mail Deliverability

Strong authentication not only improves security but also enhances the likelihood that legitimate messages reach recipients' inboxes.

NETCB helps organisations improve:

  • Sender reputation

  • Domain reputation

  • Inbox placement

  • SMTP compliance

  • Authentication alignment

  • Third-party sender management

  • Bounce reduction

Major providers including Microsoft, Google, Yahoo, Apple, and many regional ISPs increasingly prioritise authenticated domains when evaluating message legitimacy.


Security Dashboards and Continuous Reporting

Visibility is critical to maintaining a secure e-mail environment.

NETCB establishes reporting dashboards that provide actionable insights into:

  • SPF compliance

  • DKIM signing rates

  • DMARC alignment

  • Spoofing attempts

  • Rejected messages

  • SMTP TLS usage

  • TLS negotiation failures

  • MTA-STS compliance

  • DNS health

  • Certificate status

  • Mail flow trends

  • Deliverability metrics

  • Third-party sender activity

These dashboards support proactive management and help organisations respond quickly to emerging issues.


Vendor-Neutral Expertise

NETCB works with a wide range of e-mail platforms and infrastructure, including:

  • Microsoft 365

  • Microsoft Exchange Server

  • OpenText GroupWise

  • Google Workspace

  • Postfix

  • Exim

  • Sendmail

  • Zimbra

  • Secure e-mail gateways

  • Hybrid cloud deployments

  • On-premises SMTP environments

Our recommendations are based on open standards and industry best practices, ensuring solutions that are interoperable, future-ready, and tailored to your environment.


Why Choose NETCB?

With more than two decades of experience delivering cybersecurity, identity, digital workspace, and infrastructure solutions across Africa, NETCB combines deep technical expertise with practical implementation experience.

Our consultants understand not only the technologies involved, but also the operational realities of deploying them across enterprise, government, education, and regulated environments.

Whether you are starting with a basic SPF implementation or aiming to achieve a fully authenticated, encrypted, standards-compliant e-mail ecosystem with DMARC enforcement, DNSSEC, MTA-STS, TLS Reporting, BIMI, and DANE, NETCB provides the expertise to guide your organisation every step of the way.


Schedule Your E-mail Security Assessment

Every organisation should know whether its domain can be spoofed, whether its messages are trusted by major mail providers, and whether sensitive communications are adequately protected in transit.

NETCB's E-mail Security Assessment provides a detailed review of your current environment, identifies weaknesses, benchmarks your implementation against recognised best practices, and delivers a practical roadmap for strengthening both security and deliverability.

Contact NETCB today to discover how we can help protect your organisation's reputation, improve e-mail trust, and build a resilient, standards-based e-mail security environment.

Share with your friends & colleagues:

You may also like...
Dynamic Content Image

Blog

02 Apr, 2026

Navigating Vendor Lock-In with Open-Source Technology
Dynamic Content Image

Blog

30 Jun, 2026

Email Security Assessment Services | DMARC, SPF, DKIM, MTA-STS, DNSSEC & Microsoft 365 E-mail Security
Dynamic Content Image

Blog

05 Jun, 2026

SecureAnyBox visits South Africa: Addressing one of the Most Overlooked Cybersecurity Risks in South African Organisations
Loading...